
0-Day in Microsoft Windows Help Centre
Posted by ChrisJohnRiley on June 10, 2010

Tavis Ormandy (@Taviso) has just released the technical information about a bug he discovered in the Microsoft Windows Help Centre. Tavis has released a good technical breakdown of the vulnerability along with some hints for mitigation on his website (UPDATE: this link now forwards to the advisory on Full Disclosure).

Having looked at the PoC it’s amazing in its simplicity. I’m sure there’s an art to making such complex things look so effortless 😉

— PoC removed… please check advisory for full PoC —

Currently there’s no patch available from Microsoft to fix this issue (although the Microsoft Security Team have been informed). Tavis gives a few points of mitigation within the advisory that might be useful to reduce exposure. Please see the advisory for full technical information.

I’m sure this one will end up in Metasploit within a very (very) short time as the PoC seems to be simple enough to change into a workable module. So best mitigate this while you can!
